//package com.bzr.emos.wx.config.security;
//
//import com.alibaba.fastjson2.JSON;
//import jakarta.annotation.Resource;
//import jakarta.servlet.http.HttpServletResponse;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.authentication.ProviderManager;
//import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
//import org.springframework.security.config.Customizer;
//import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
//import org.springframework.security.crypto.password.NoOpPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.security.web.SecurityFilterChain;
//
//import java.util.HashMap;
//import java.util.Map;
//
//@Configuration //配置类'
//@EnableMethodSecurity
//public class WebSecurityConfig {
//
//
////    @Bean
////    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
////
////        // 指定自定义登录页面路径（如果不配置则使用默认登录页）
////        //
////        //                                .loginPage("/login")
////        // 允许所有人访问登录页面（避免重定向循环）
////        http.authorizeHttpRequests(auth -> auth
////                  .requestMatchers("/register/**","/verify/test","/verify/**").permitAll()
////                                .requestMatchers("/login").permitAll()
////
//////                .requestMatchers("/api/list").hasAuthority("USER_LIST") //针对用户配置权限
//////                .requestMatchers("/api/add").hasAuthority("USER_ADD")  //针对用户配置权限
//////                .requestMatchers("/api/**").hasRole("ADMIN")
////                // 其他所有请求都需要认证（登录）后才能访问
////                .anyRequest().authenticated()
////        )
////                .formLogin(form -> form.loginPage("/login").permitAll()
////                .failureUrl("/login?error")
////                .successHandler((request, response, authentication) -> {
////                    response.setContentType("application/json;charset=utf-8");
////                    Object principal = authentication.getPrincipal();//获取用户身份信息
////                    HashMap<Object, Object> result = new HashMap();
////                    result.put("code", 200);
////                    result.put("message", "登录成功");
////                    result.put("data", principal);
////                    //将结果转换成JSON字符串
////                    String json = JSON.toJSONString(result);
////                    response.getWriter().println(json);
////                })//验证成功时的处理
////                .failureHandler((request, response, exception) -> {
////                    response.setContentType("application/json;charset=utf-8");
////                    String localizedMessage = exception.getLocalizedMessage();
////                    HashMap<Object, Object> result = new HashMap();
////                    result.put("code", -1);
////                    result.put("message", localizedMessage);
////                    //将结果转换成JSON字符串
////                    String json = JSON.toJSONString(result);
////                    response.getWriter().println(json);
////                })
////        ).logout(logout -> logout
////                .logoutSuccessHandler((request, response, authentication) -> {
////
////                    response.setContentType("application/json;charset=utf-8");
////                    HashMap<Object, Object> result = new HashMap();
////                    result.put("code", 0);//成功
////                    result.put("message", "注销成功");
////                    //将结果转换成JSON字符串
////                    String json = JSON.toJSONString(result);
////                    response.getWriter().println(json);
////
////                })
////                // 注销成功后跳转到首页
////                .logoutSuccessUrl("/")
////        ).exceptionHandling(exception -> {
////                    exception.authenticationEntryPoint((request, response, authException) ->
////                    {
////                        response.setContentType("application/json;charset=utf-8");
////                        String localizedMessage = "登陆后方可访问";//authException.getLocalizedMessage();
////                        HashMap<Object, Object> result = new HashMap();
////                        result.put("code", -1);
////                        result.put("message", localizedMessage);
////                        //将结果转换成JSON字符串
////                        String json = JSON.toJSONString(result);
////                        response.getWriter().println(json);
////                    });//请求未认证的处理
////                    exception.accessDeniedHandler((request, response, accessDeniedException) -> {
////                        response.setContentType("application/json;charset=utf-8");
////                        HashMap<Object, Object> result = new HashMap();
////                        result.put("code", -1);//成功
////                        result.put("message", "没有权限");
////                        //将结果转换成JSON字符串
////                        String json = JSON.toJSONString(result);
////                        response.getWriter().println(json);
////                    });
////                }
////
////
////        );
////
////        http.sessionManagement(session -> session.maximumSessions(5)
////                .expiredSessionStrategy((event) -> {
////                    HttpServletResponse response = event.getResponse();
////                    response.setContentType("application/json;charset=utf-8");
////                    HashMap<Object, Object> result = new HashMap();
////                    result.put("code", -1);//成功
////                    result.put("message", "该账号已从其他设备登录");
////                    //将结果转换成JSON字符串
////                    String json = JSON.toJSONString(result);
////                    response.getWriter().println(json);
////
////                }));
////
////        http.cors(Customizer.withDefaults());
////
////        // 禁用CSRF防护（开发环境方便测试，生产环境应该启用）
////        http.csrf(csrf -> csrf.disable());
////        return http.build();
////    }
//
//
//}